For 5 days I have not received any response. It could be a silly question
to you guys. But I need the answer.
Waiting for a nice reply.
Best Regards,
S S Rout
Hey Crypto guys,
I have a basic question regarding certificate validation. Basically, in
server authentication a TLS client should validate the CN/SN with the host
portion of the ACS.URL. If it matches then the handshake will succeed, else it will
fail. Am I right?
e.g.
if Host.Url=x.x.x.x then CN (in
Thanks Dave for the explanation.
One doubt regarding the sentence "If a subjectAltName extension of type dNSName
is present, that MUST
be used as the identity" (RFC 2818).
What does this line mean?
Does it say if a certificate has a different CN in issuer subject field
but SubAltname: x.x.x.x which
self-signed DSA type
certificates(keep the same on client server side as well) ?
Please clarify Dave.
Best Regards.
S S Rout
Dave Thompson-5 wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
Sent: Friday, 11 May, 2012 03:50
Please help me out in debugging this cipher
Hi Folks,
In RFC-2246 there are various ways of Handshake failure.
Alert Descriptions
===
unexpected message 10
bad record mac 20
decryption failed 21
record overflow 22
decompression failure 30
unsupported certificate 43
certificate revoked 44
certificate unknown 46
illegal
Hi All,
Please help me out in debugging this cipher negotiation issue.
My client supports OpenSSL v1.0 and my server supports OpenSSL 0.9.7. I used
a self-signed RSA type certificate on both server and client. But my handshake
is failing.
My client sends these ciphers in client hello message.
Cipher
Dear All,
What is the significance of each phrase in the below cipher suite?
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Maybe this is a dumb question. But I am interested to know each phrase.
Best Regards,
Siba Shankar Rout
Dave all,
We have fixed the Segment lost issue which was causing Packet drop. But we
are still seeing the Encryption Alert again. I am attaching one more
packet capture which has all the information.
Due to my limited knowledge, I request that you please explain to me the exact
reason for this
Dear Folks,
I am looking for what the possible TLS/SSL testing suites are. Is there
any link/docs which I can follow to get an idea about what the possible
TLS/SSL testing specifications are?
Thanks in Advance.
Best Regards,
S S Rout
Hi Johannes Bauer
If I have a certificate chain
Root - A - B - Leaf
where Leaf is the certificate of a webserver (https) and Root is a
self-signed certificate.
If you do not mind, would you please mention what OpenSSL commands you
used to create this chain?
Please help me on this.
I am doing server authentication where I keep ROOT cert at my client and
Server cert (could be self-signed or chained cert).
The issue here is I am facing the below error whenever I am using
2-level-CA cert even more.
Alert Level: Fatal, Description: Unable to verify leaf signature (21)
Thanks Dave.
I request you to please give more information regarding this error. What
exactly does it mean to me?
I am doing server authentication where I keep ROOT cert at my client and
Server cert (could be self-signed or chained cert).
The issue here is I am facing the below error whenever I
Dear Folks,
While setting up the TLS session I am facing the below error.
TLS Alert Level: Fatal, Description: Unable to verify leaf signature (21)
I created the chained certificate like below:
ROOTCA-ServerCA-ServerCert
I kept ROOTCA at my TLS client and concatenated version of all the
Folks,
Can somebody clarify my doubts on below questions
1) what is intermediate certificate validation ?
2) Is it required to keep chained certificate or End user certificate at
Server Side
3) How to generate intermediate certificate using Openssl command ?
Please clarify.
Thanks in advance.
Dear Folks,
I am seeing the below errors during the certificate validation. Not sure
what is wrong with the certificate.
error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
Here is the
Hi Folks,
Can somebody please clarify my silly questions? I need to understand the
behavior of the TLS client.
1. How do I verify that the TLS client sends connection close without sending
a closure alert?
2. Is there any way to decrypt application data (HTTP data) in Wireshark
itself?
3.
Dear All,
My TLS client can validate both CN and SN. I need to test both
scenarios.
I don't know how to create a certificate with the “subjectAltName extension”
using openssl commands.
In RFC 2818, there are two ways of certificate validation for host name
1) CN (Common Name)
2)
Dear All,
Actually, in a large TLS client deployment network, what are the salient points
we need to take into consideration to have healthy handshakes with data
traffic without any issues?
i.e. to avoid TLS server overload
If my TLS client does not support Session Resumption (means every time it
Thanks a lot Dave for a Wonderful explanation.
Best Regards,
Rout
--
View this message in context:
http://old.nabble.com/Difference-b-w-TLS--Connection-and-TLS-Session-tp32780649p32831085.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Dear All,
Actually, in a large TLS client deployment network, what are the salient points
we need to take into consideration to have healthy handshakes with data
traffic without any issues?
If my TLS client does not support Session Resumption (means every time it
does full handshakes) then what
Thanks Wim Richard.
But still I do not understand why I am seeing the Encryption Alert?
My TLS Client is 10.220.4.50 and my TLS Server is 10.204.4.69. If you
see the packets #16, #31, #50 then an Encryption Alert is being sent by the TLS
Client.
As of this Connection is getting closed and new handshake
Dear ALL,
While understanding TLS Resumption I got some questions. Can anybody
please explain this to me?
1) What should I see in the Client Hello message if I say my TLS client supports
TLS-Resumption?
2) If I do not see any TLS extension then what would be the real impact on
Secure
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mr.Rout
Sent: Thursday, November 03, 2011 10:28 AM
To: openssl-users@openssl.org
Subject: RE: Help in Generating Chained ROOT Certificate
Thanks Dave.
Probably I have not understood the things properly.
After surfing through Google I got
:
From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
Sent: Monday, 31 October, 2011 13:43
I am a newbie to OpenSSL. I am confused about Chained ROOT
certificates?
Could someone please guide me through the step-by-step approach for generating
a Chained ROOT certificate?
e.g. My Server name
Dear All,
I am doing HTTPS testing using OpenSSL and Squid proxy.
We have implemented a TLS client which supports TLSv1.0 only.
Can somebody please suggest to me what the salient points are that we need to
verify for HTTPS testing?
Any comments would help me a lot.
-Regards,
Rout
Dear All,
I am a newbie to OpenSSL. I am confused about Chained ROOT certificates?
Could someone please guide me through the step-by-step approach for generating
a Chained ROOT certificate?
e.g. My Server name is www.https.com (I successfully generated a self-signed
SSL certificate where I put